CVE-2023-3978

Опубликовано: 02 авг. 2023

Источник: debian

EPSS Низкий

Описание

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-golang-x-net	fixed	1:0.14.0-1		package
golang-golang-x-net	no-dsa		bookworm	package
golang-golang-x-net	no-dsa		bullseye	package
golang-golang-x-net-dev	removed			package
golang-golang-x-net-dev	postponed		buster	package

Примечания

https://go.dev/cl/514896
https://go.dev/issue/61615
https://pkg.go.dev/vuln/GO-2023-1988
https://github.com/golang/net/commit/8ffa475fbdb33da97e8bf79cc5791ee8751fca5e (v0.13.0)

EPSS

Процентиль: 25%

0.0008

Низкий

Связанные уязвимости

CVE-2023-3978

CVSS3: 6.1

ubuntu

около 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

redhat

около 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

nvd

около 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

msrc

10 месяцев назад

Описание отсутствует

SUSE-SU-2024:4011-1

suse-cvrf

9 месяцев назад

Security update for SUSE Manager Client Tools

EPSS

Процентиль: 25%

0.0008

Низкий